For this course we use the best FOSS (Free and Open Source) SAST tool for Python available, Python Code Audit. Python Code Audit is a zero-configuration SAST tool: it statically analyses your Python code and reports constructs that may introduce security vulnerabilities, without you having to write rules or configuration first.
Python Code Audit is compatible with both Unix-based systems (Linux/macOS) and Windows.
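To make concrete what "validating Python code for potential vulnerabilities" means in practice, here is a deliberately small AST-based checker. It is an added illustration written for this page, not Python Code Audit's own code, and the list of flagged calls and their descriptions are this example's own choices; the real tool's checks are far broader. It parses a constructed sample module and flags calls to `eval`, `pickle.loads` and `subprocess` with `shell=True`.

```python
"""Minimal illustration of the kind of check a Python SAST tool performs.

Added example, NOT Python Code Audit's code: it walks the AST of a source
string and reports a few well-known risky call patterns with line numbers.
"""
import ast
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: a small module with three risky constructs
# and one harmless call that must not be reported.
SAMPLE_SOURCE = '''
import os
import pickle
import subprocess

def load(blob):
    return pickle.loads(blob)          # deserialising untrusted bytes

def run(cmd):
    subprocess.run(cmd, shell=True)    # shell string built by the caller

def calc(expr):
    return eval(expr)                  # code execution from a string

def safe(path):
    return os.path.basename(path)      # fine: not flagged
'''

# Qualified call names this example treats as findings (our own list).
RISKY_CALLS = {
    "eval": "eval() executes arbitrary Python from a string",
    "exec": "exec() executes arbitrary Python from a string",
    "pickle.loads": "pickle can execute code on deserialisation",
    "pickle.load": "pickle can execute code on deserialisation",
}


@dataclass(frozen=True)
class Finding:
    line: int
    call: str
    message: str


def _qualified_name(node: ast.AST) -> Optional[str]:
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _qualified_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def _has_shell_true(call: ast.Call) -> bool:
    """True if the call passes the literal keyword argument shell=True."""
    return any(
        kw.arg == "shell"
        and isinstance(kw.value, ast.Constant)
        and kw.value.value is True
        for kw in call.keywords
    )


def scan_source(source: str) -> list[Finding]:
    """Parse `source` and return findings for the patterns above, by line."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _qualified_name(node.func)
        if name is None:
            continue
        if name in RISKY_CALLS:
            findings.append(Finding(node.lineno, name, RISKY_CALLS[name]))
        elif name.startswith("subprocess.") and _has_shell_true(node):
            findings.append(Finding(
                node.lineno, name,
                "subprocess with shell=True enables command injection"))
    return sorted(findings, key=lambda f: f.line)


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line}: {f.call}: {f.message}")
```

Because the checker matches on the syntactic call name, it misses aliases such as `from pickle import loads` or `import subprocess as sp`, and it only recognises a literal `shell=True`, not a variable that happens to hold `True`. Resolving imports and tracking values is exactly the work a real SAST tool does on top of this basic pattern, and why a zero-configuration tool is worth installing rather than reinventing.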
Use the browser-based version
To access the local browser-based version of Python Code Audit, follow the link below:
The browser-based (WASM) version runs Python Code Audit directly in your web browser, so nothing is installed on your machine. This lets you quickly validate and inspect packages hosted on PyPI.org in a safe, isolated environment. It is especially useful for learning, for quick checks, and for reviewing a package before you download or install it locally.
Install the package locally
To use all functionality of Python Code Audit, install the Python package locally. For this course, and for regular security validation, the full locally installed version is recommended.
To install Python Code Audit, run the following command in your terminal or command prompt:
pip install -U codeaudit

Once the installation is complete, you can begin scanning Python packages immediately.
